Fugue recently achieved Amazon Web Services (AWS) Security Competency status. Our customers, including Red Ventures, Ericsson, and Wabtec use Fugue to establish cloud security visibility and policy-based governance across the software development life cycle. Attaining this designation from AWS recognizes that Fugue demonstrates proven technology that helps customers achieve their cloud security goals.
Richard Park also contributed to this post. The Apache Log4j vulnerability known as Log4Shell (CVE-2021-44228) is a serious vulnerability that allows an attacker to execute arbitrary code on any server running the popular Apache Log4j Java logging library. It has a CVSS score of 10, the highest possible value, and should be addressed immediately.
We recently announced support in Fugue for the AWS Well-Architected Framework, a set of recommendations Amazon Web Services provides for designing infrastructure for cloud applications and workloads.
What’s a cloud vulnerability? In the simplest terms, it’s an exploitable weakness in a cloud environment. Vulnerabilities are commonly caused by cloud resource misconfigurations and can lead to breaches and security failures — especially when the vulnerability is related to Identity and Access Management (IAM).
Last week we announced Fugue IaC, which enables cloud engineering teams to secure their infrastructure as code (IaC) and cloud runtime environment using the same policies. For running IaC checks locally, Fugue developed Regula, an open source tool built on Open Policy Agent (OPA).
This week, Fugue announced unified infrastructure as code (IaC) and cloud runtime security. For the first time, cloud engineering and security teams can automate security across the development lifecycle using the same policies.
This blog post was updated on December 15, 2021, to reflect version 2.20 of the AWS CDK. You may already know that Regula, Fugue's open-source policy engine that uses Open Policy Agent (OPA) for checking infrastructure as code (IaC), can evaluate Terraform and AWS CloudFormation templates for security issues. But did you know that you can use Regula to secure your AWS Cloud Development Kit (CDK) apps, too?
Cloud security has long been focused squarely on the cloud runtime environment to keep infrastructure free of misconfiguration vulnerabilities that can open the door to hackers and lead to data leaks and breaches. It is reasonable considering most (if not all) cloud-based security incidents result from customer mistakes in the form of cloud resource misconfiguration. Gartner calls this Cloud Security Posture Management, or CSPM.
Regula, our open-source infrastructure as code (IaC) policy engine, now supports AWS CloudFormation. This means you can use Regula to perform static analysis of CloudFormation YAML or JSON templates for security vulnerabilities and compliance violations – including templates that use the Serverless Application Model. For instance, if a template declares an EBS volume that does not have encryption enabled, Regula’s report will show which template – and which specific resource – failed the check.
Today we announced that Fugue now supports Google Cloud, in addition to Amazon Web Services (AWS) and Microsoft Azure. Google Cloud support is key to providing our customers with a unified view of—and control over—the security posture of their cloud environment across cloud platforms. It was a top customer request, and considering the number of Google Cloud Projects we’ve seen onboarded to Fugue over the past few days, it’s clear that Google Cloud is experiencing significant growth.