Skip to content

    Latest Posts

    A Technical Analysis of the Capital One Cloud Misconfiguration Breach

    Josh Stella

    UPDATE: August 26, 2019Since posting this, AWS has made some public statements regarding the breach that shed some light on what likely happened. From their response to Senator Ron Wyden, AWS stated:"As Capital One outlined in their public announcement, the attack occurred due to a misconfiguration error at the application layer of a firewall installed by Capital One, exacerbated by permissions set by Capital One that were likely broader than intended. After gaining access through the misconfigured firewall and having broader permission to access resources, we believe a SSRF attack was used (which is one of several ways an attacker could have potentially gotten access to data once they got in through the misconfigured firewall." "As discussed above, SSRF was not the primary factor in...

    Read More

    Fugue Now Supports Microsoft Azure to Provide Multi-Cloud Security Posture Management

    Drew Wright

    Today we announced that Fugue now supports Microsoft Azure, in addition to Amazon Web Services (AWS). Our customers increasingly use multiple Cloud Service Providers (CSPs), and they want a single Cloud Security Posture Management (CSPM) solution that spans multiple CSPs. Now Fugue for Microsoft Azure is now generally available, and we’re thrilled to deliver that to our customers.

    Read More

    5 Things Executives Need to Know About Cloud Security

    Phillip Merrick

    For twelve years I’ve held executive management positions at companies making significant use of the cloud. Now I have the privilege of helping lead Fugue, a leading provider of cloud security and compliance solutions. Along the way I’ve found that senior executives—both at technology companies and outside the tech industry—sometimes struggle to understand the security implications of moving to the cloud. It’s common for executives to simply make blanket declarations that the cloud will never be secure enough for them (untrue), or alternatively to hold the belief that the cloud service providers like Amazon, Microsoft and Google take care of all the security issues for you (also untrue).

    Read More

    SOC 2 Cloud Security: Breaking Down its Complexities

    Diem Shin

    If you consider how rapidly organizations are increasing their cloud footprint, ensuring compliance with the different compliance standards can get challenging very quickly. Here at Fugue, we aim to make compliance easy, so in this blog, we are going to break down the complexities associated with SOC 2 compliance.

    Read More

    Shift Left on Cloud Security, Part III: Extending into Production

    Josh Stella

    In the last part of this series, we're going to look at the final stages of the software development life cycle (SDLC)—deployment and operations. As a reminder, in parts one and two, we discussed the overall concept of shifting left for security and compliance, and laid out some best practices for how to do so during the development and testing phases of the SDLC. In this post, we'll cover how using policy as code and baselines allows you to leverage all the work done in the earlier phases to prevent deployment of misconfigurations and ensure that your deployed infrastructure remains functional and compliant over time.

    Read More

    The 5 Biggest Myths in Cloud Security (And How to Avoid Getting Burned)

    Drew Wright

    Enterprise cloud adoption is in full swing, therefore cloud security and compliance has become a top priority. Security in the cloud requires different approaches than in the datacenter—and a different mindset. Demonstrating this are movements like DevOps, DevSecOps, and Shift Left, which have begun to transform how Cloud Security Posture Management (CSPM) is done with automation using tools like infrastructure as code and policy as code.

    Read More

    Fugue Now Available for AWS GovCloud

    Diem Shin

    Fugue is excited to announce support for AWS GovCloud. This enables public sector customers to leverage public cloud resources while remaining compliant. Our product supports AWS GovCloud regions which meets specific regulatory and compliance requirements for US government agencies such FedRAMP High and ITAR.

    Read More

    4 Benefits of Visualizing Your Cloud Infrastructure

    Diem Shin

    As organizations increase their cloud footprint, gaining visibility into their cloud resources becomes an arduous but essential task. It is critical to understand how your cloud resources are provisioned and configured as well as identifying any misconfigurations. Many security and compliance teams address these needs by working with system architects to manually create architecture diagrams for reporting based on cloud console configuration settings, log records, and AWS Config data. This process is tedious and time consuming and not scalable for enterprises with large cloud workloads.

    Read More

    Addressing Cloud Security with Infrastructure Baselines

    Diem Shin

    At Fugue, we are obsessed with infrastructure baselines and especially with how they are utilized to correct cloud resource misconfiguration and drift—the leading cause of cloud-based data breaches. Baselines are a relatively new concept, so we thought an informative blog post about baselines, what they are, why organizations need them, and how organizations can get started with baselines, would be a great introduction to baselines. So let’s get started.

    Read More
    Fugue Developer

    Free Cloud Security for Engineers

    • Visualize your cloud infrastructure
    • Run policy checks and get feedback
    • Detect change and eliminate misconfiguration
    GET STARTED CONTACT SALES